EP2031823B1 - Service de notification d'hameçonnage - Google Patents
Service de notification d'hameçonnage Download PDFInfo
- Publication number
- EP2031823B1 EP2031823B1 EP08160462.1A EP08160462A EP2031823B1 EP 2031823 B1 EP2031823 B1 EP 2031823B1 EP 08160462 A EP08160462 A EP 08160462A EP 2031823 B1 EP2031823 B1 EP 2031823B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- phishing
- site
- critical values
- identifiers
- new
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Not-in-force
Links
- 238000000034 method Methods 0.000 claims description 36
- 230000015654 memory Effects 0.000 claims description 14
- 230000001681 protective effect Effects 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 5
- 238000004891 communication Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 3
- 230000001413 cellular effect Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000013507 mapping Methods 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000003442 weekly effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Definitions
- the present invention relates to the protection of computer system users. More particularly, the present invention relates to a method and apparatus for providing protection from phishing attacks.
- Phishing is term used to describe the actual or attempted theft of a user's private information.
- an e-mail is sent to a user falsely claiming to be an established merchant in an attempt to trick the user into surrendering private information that will be used for identity theft.
- the e-mail directs the user to visit a web site, usually using a link provided in the e-mail itself, where the user is asked to update personal information, such as passwords, credit card numbers, social security numbers, and/or bank account numbers, that the legitimate merchant already has.
- the Web site is not the actual legitimate site; it is actually a look-a-like site, is malicious, and is set up only to steal the user's information.
- security applications such as anti-phishing applications have been developed. These security applications take protective actions when a user attempts to visit a known phishing site, e.g., a website. For example, the security applications block access to the phishing site, or at least provide a notification that the user is connecting with a known phishing site.
- Security applications rely upon updates from security vendor update sites. These updates are an important component of the security applications. For example, as new phishing sites are discovered, new phishing Uniform Resource Locators (URLs) are distributed as an update to allow for the security applications to protect users from the newly discovered phishing site.
- URLs Uniform Resource Locators
- a messaging application facilitates communication via a messaging user interface, and receives a communication, such as an email, from a domain.
- a phishing detection module detects a phishing attack in the communication by determining that the domain is similar to a known phishing domain, or by detecting suspicious network properties of the domain.
- a phishing notification comprises the date and/or time when the critical values were provided to the phishing site, and the actual critical values previously provided to the phishing site; and which method comprises a step of providing a phishing notification to at least one of a merchant impersonated by the phishing site, a credit bureau, or a law enforcement agency, the phishing notification comprising the date and/or time when the critical values were provided to the phishing site.
- a method includes determining whether new phishing site identifiers (such as, but not limited to, URLs and/or IP addresses) have been created. Upon a determination that the new phishing site identifiers have been created, the new phishing site identifiers are compared to site identifiers of sites to which critical values (such as personal/confidential information of the user) have been provided in the past.
- new phishing site identifiers such as, but not limited to, URLs and/or IP addresses
- a phishing notification is provided that the user was successfully phished in the past, the phishing notification comprising the date and/or time when the critical values were provided to the phishing site, and the actual critical values provided to the phishing site.
- the user is not only presently protected from the phishing site, but is also notified by the phishing notification if the user had been the victim of a successful phishing attack in the past. Further, the phishing notification contains sufficient information for the user to take proactive steps to reduce the consequences of the attack, such as contacting the user's credit bureau, to prevent or minimize any identity theft associated with the successful phishing attack.
- a phishing notification process 200 includes determining whether new phishing site identifiers (such as, but not limited to, URLs and/or IP addresses) have been created (OPERATION 212). Upon a determination that the new phishing site identifiers have been created, the new phishing site identifiers are compared to site identifiers of sites to which critical values (such as personal/confidential information of the user) have been provided in the past (OPERATION 214).
- critical values such as personal/confidential information of the user
- a phishing notification is provided that the user was successfully phished in the past (OPERATION 218).
- the user is not only presently protected from the phishing site, but is also notified by the phishing notification if the user had been the victim of a successful phishing attack in the past. Further, the phishing notification contains sufficient information for the user to take proactive steps to reduce the consequences of the attack, such as contacting the user's credit bureau, to prevent or minimize any identity theft associated with the successful phishing attack.
- FIG. 1 is a diagram of a client-server system 100 that includes a Phishing Notification Service (PNS) application 106 executing on a host computer system 102, e.g., a first computer system, in accordance with one embodiment.
- PPS Phishing Notification Service
- Host computer system 102 typically includes a central processing unit (CPU) 108, hereinafter processor 108, an input output (I/O) interface 110, and a memory 114.
- CPU central processing unit
- I/O input output
- Phishing Notification Service (PNS) application 106 includes, optionally, a HyperText Transfer Protocol (HTTP) proxy 140 and a transaction record store 142.
- HTTP proxies are well known to those of skill in the art.
- HTTP proxy 140 sits between user applications of host computer system 102, e.g., a Web browser of host computer system 102, and network 124. HTTP traffic of user applications of host computer system 102 pass through HTTP proxy 140.
- Host computer system 102 may further include standard devices like a keyboard 116, a mouse 118, a printer 120, and a display device 122, as well as, one or more standard input/output (I/O) devices 123, such as a compact disk (CD) or DVD drive, floppy disk drive, or other digital or waveform port for inputting data to and outputting data from host computer system 102.
- I/O input/output
- Phishing Notification Service (PNS) application 106 is loaded into host computer system 102 via I/O device 123, such as from a CD, DVD or floppy disk containing Phishing Notification Service (PNS) application 106.
- Host computer system 102 is coupled to a server computer system 130 of client-server system 100 by network 124.
- Server computer system 130 typically includes a display device 132, a processor 134, a memory 136, and a network interface 138.
- host computer system 102 is also coupled to a merchant server 152, a phishing server 154, and a security company server 156 by network 124.
- merchant server 152, phishing server 154, and security company server 156 are similar to host computer system 102 and/or server computer system 130, for example, include a central processing unit, an input output (I/O) interface, and a memory.
- I/O input output
- Merchant server 152, phishing server 154, and security company server 156 may further include standard devices like a keyboard, a mouse, a printer, a display device and an I/O device(s).
- the various hardware components of merchant server 152, phishing server 154, and security company server 156 are not illustrated to avoid detracting from the principles of this embodiment.
- Network 124 can be any network or network system that is of interest to a user.
- network interface 138 and I/O interface 110 include analog modems, digital modems, or a network interface card.
- Phishing Notification Service (PNS) application 106 is stored in memory 114 of host computer system 102 and executed on host computer system 102.
- PPS Phishing Notification Service
- the particular type of and configuration of host computer system 102, merchant server 152, phishing server 154, security company server 156, and server computer system 130 are not essential to this embodiment.
- FIG. 2 is a flow diagram of a phishing notification process 200 in accordance with one embodiment.
- PPS Phishing Notification Service
- CRITICAL VALUES PROVIDED TO SITE CHECK OPERATION 204 a determination is made as to whether critical values, e.g., at least one critical value, have been provided to a site, e.g., a website.
- critical values are values such as personal/confidential information of the user that are critical to a successful phishing attack.
- Some examples of critical values include the user's name, account numbers, passwords, credit card numbers, social security number, and bank account numbers.
- which values are critical values is configurable, e.g., by the user or system administrator of host computer system 102, or by the security company.
- the user of host computer system 102 receives an e-mail falsely claiming to be an established merchant.
- the e-mail includes a link that falsely claims to direct the user to visit a web site associated with the merchant, e.g., to connect to merchant server 152.
- the user upon clicking the e-mail link, the user is unknowingly connected to phishing server 154, which hosts a phishing web site that is essentially a facsimile (a close copy) of the web site hosted by legitimate merchant server 152.
- the user provides private information, e.g., critical values, to the phishing web site hosted by phishing server 154 believing that the private information is being provided to merchant server 152.
- the phishing web site hosted by phishing server 154 is not a known phishing site, e.g., has not been identified as a phishing site by a security company. Accordingly, even if a security application including an anti-phishing application is executing on host computer system 102, the user is allowed to provide critical values to the phishing web site hosted by phishing server 154, as the phishing web site hosted by phishing server 154 has not been identified as a known phishing site by the anti-phishing application.
- the user is tricked into surrendering private information that may be used for identity theft. Moreover, the user has surrendered the private information without even being aware that they have done so.
- the act of providing critical values to a site is referred to as a transaction.
- a transaction is not limited to a financial transaction, e.g., transferring of money or purchasing a product, but includes any transmission of critical values. Transactions can be monitored using HTTP proxy 140.
- phishing attack Although one example of a phishing attack is described above, there are many types of phishing attacks and the particular phishing attack is not essential to this embodiment.
- CREATE TRANSACTION RECORD OPERATION 206 a transaction record is created for the transaction.
- a transaction record includes a site identifier, e.g., a complete Uniform Resource Locator (URL), a sub URL, and/or Internet Protocol (IP) address, of the site to which critical values were provided.
- URL and/or IP addresses are set forth herein as examples of site identifiers, in light of this disclosure, those of skill in the art will understand that a variety of site identifiers can be used to identify a site. Accordingly, site identifiers include, but are not limited to, URLs and IP addresses.
- IP address is an identifier for a computer or device on a TCP/IP (Transmission Control Protocol/Internet Protocol) network. Networks using the TCP/IP protocol route messages based on the IP address of the destination.
- the format of an IP address in IPV4 is typically a 32-bit numeric address written as four numbers separated by periods. For example, 127.0.0.1 could be an IP address.
- IP addresses are difficult for humans to remember.
- host (machine) names and domain names are commonly used instead of IP addresses.
- a host/domain name is a name that identifies one or more IP addresses. Because Internet traffic is routed using IP addresses, not host/domain names, every Web Server requires a DNS (domain name system) server to translate host/domain names into IP addresses.
- DNS domain name system
- the host computer generates a DNS query to a DNS server to translate the host/domain name into the IP address.
- the response to the DNS query if successfully resolved, returns the IP address of the host site associated with the host/domain name.
- a site e.g. a website
- a URL including a sub URL
- IP address is a site identifier for a site.
- site identifiers as URLs and/or IP addresses are set forth herein, it is to be understood that the URLs and/or IP addresses are for computer systems that host the site.
- site identifiers include, but are not limited to, URLs and/or IP addresses.
- the transaction record also includes one or more of the following: (1) the critical values provided, e.g., the actual values such as an actual bank account number; (2) the type of critical values provided, e.g., that a bank account number was provided without specifying the actual bank account number; (3) the date when the critical values were provided; and (4) the time when the critical values were provided.
- STORE TRANSACTION RECORD OPERATION 208 the transaction record created in CREATE TRANSACTION RECORD OPERATION 206 is stored.
- the transaction record is stored in transaction record store 142.
- transaction record store 142 includes a plurality of stored transaction records.
- the transaction record is provided to a security company in a manner similar to that discussed below regarding a PROVIDE TRANSACTION RECORD(S) TO SECURITY COMPANY OPERATION 210.
- the transaction record is stored by the security company, e.g., on security company server 156
- STORE TRANSACTION RECORD OPERATION 208 flow moves, optionally, to a PROVIDE TRANSACTION RECORD(S) TO SECURITY COMPANY OPERATION 210 (or directly to a NEW PHISHING SITE IDENTIFIERS CHECK OPERATION 212 in the event that OPERATION 210 is not performed).
- PROVIDE TRANSACTION RECORD(S) TO SECURITY COMPANY OPERATION 210 the transaction records stored on host computer system 102, e.g., at least one transaction record, are provided to a security company.
- the transaction records are provided to security company server 156 using a secure/encrypted transmission of the transaction records.
- each transaction record is provided immediately upon creation to the security company.
- the transaction records are provided to the security company periodically, e.g., hourly, daily, or weekly.
- the period in which the transaction records are provided to the security company is configurable, e.g., by the user or system administrator of host computer system 102, or by the security vendor.
- a new phishing site identifier is a URL and/or IP address, sometimes called a site identifier, of a newly discovered phishing site.
- a phishing site is a site, e.g., a web site, that is known to maliciously collect private information, e.g., for use in identity theft.
- the particular technique used to discover a phishing site is not essential to this embodiment, and any one of a number of known techniques can be used.
- a URL, an IP address and/or other identifier of a web site that was previously not a known phishing site but is now identified as a phishing site is a new phishing site identifier.
- the security company develops the new phishing site identifiers. Accordingly, once developed, a determination is made at the security company that there are new phishing site identifiers in NEW PHISHING SITE IDENTIFIERS CHECK OPERATION 212.
- new phishing site identifiers are downloaded to host computer system 102, e.g., from security company server 156.
- Phishing Notification Service (PNS) application 106 e.g., part of a comprehensive security application of host computer system 102, receives periodic updates from security company server 156, e.g., using Symantec Corporation's LIVEUPDATE TM system that automatically downloads updates including new phishing site identifiers.
- PPS Phishing Notification Service
- TM Symantec Corporation's LIVEUPDATE TM system that automatically downloads updates including new phishing site identifiers.
- a determination is made that there are new phishing site identifiers in NEW PHISHING SITE IDENTIFIERS CHECK OPERATION 212.
- the new phishing site identifiers are compared with the site identifiers contained within the stored transaction records in COMPARE NEW PHISHING SITE IDENTIFIERS WITH TRANSACTION RECORD SITE IDENTIFIERS OPERATION 214.
- MATCH CHECK OPERATION 216 a determination is made as to whether any of the new phishing site identifiers match any of the site identifiers contained within the stored transaction records. Stated another way, a determination is made as to whether at least one of the new phishing site identifiers matches at least one of the site identifiers contained within the stored transaction records. If there is a match, flow moves to a PROVIDE PHISHING NOTIFICATION OPERATION 218. Conversely, if there is not a match, flow moves to and exits at an EXIT OPERATION 222 or returns to CHECK OPERATION 204 and waits for more critical values to be provided to a site.
- a phishing notification is provided that the user was successfully phished in the past, i.e., provided critical values to a known phishing site.
- the phishing notification includes one or more of the following notifications: (1) the date and/or time when the critical values were provided to the phishing site; (2) the critical values provided to the phishing site; (3) the site identifier, e.g., the URL and/or IP address, of the phishing site; (4) the name of the phishing site; and (5) the legitimate merchant that was impersonated, sometimes called copied, by the phishing site.
- the notification appears as the following message:
- new phishing URLs are distributed to allow for the security applications to protect users from the newly discovered phishing site. More particularly, using the new phishing URLs, protective action will be taken if the user attempts to have a transaction with a phishing site associated with the phishing URLs.
- NEW PHISHING SITE IDENTIFIERS CHECK OPERATION 212 a determination will be made in NEW PHISHING SITE IDENTIFIERS CHECK OPERATION 212 that there are new phishing site identifiers upon distribution of the new phishing URLs.
- the new phishing URLs are compared with site identifiers of the stored transaction records in COMPARE NEW PHISHING SITE IDENTIFIERS WITH TRANSACTION RECORD SITE IDENTIFIERS OPERATION 214.
- a phishing notification is provided in PROVIDE PHISHING NOTIFICATION OPERATION 218.
- the user of host computer system 102 is not only presently protected from the phishing sites, but is also notified by the phishing notification if the user had been the victim of a successful phishing attack in the past. Further, the phishing notification contains sufficient information for the user to take proactive steps to reduce the consequences of the attack, such as contacting the user's credit bureau, to prevent or minimize any identity theft associated with the successful phishing attack.
- OPERATIONS 214, 216 are performed at the security company. Accordingly, in PROVIDE PHISHING NOTIFICATION OPERATION 218, the phishing notification is transmitted from the security company to host computer system 102, e.g., as an e-mail or otherwise.
- OPERATIONS 214, 216 are performed on host computer system 102, e.g., upon receiving new phishing site identifiers as discussed above.
- the phishing notification is provided by phishing notification service (PNS) application 106 to the user of host computer system 102, e.g., as a pop-up window on display device 122, to a system administrator, logged to a file, or otherwise.
- PPS phishing notification service
- the phishing notification is provided to interested third parties.
- the phishing notification is provided to the merchant impersonated by the phishing site, a credit bureau, or a law enforcement agency.
- the phishing notification is provided without any private user information thus protecting the user's confidential information. This information is used for mapping successful phishing attacks including the types of phishing attacks being successfully used.
- TAKE PROTECTIVE ACTION OPERATION 220 protective action is taken to provide protection from the newly discovered phishing site.
- any phishing e-mail associated with the phishing site is deleted from host computer system 102, quarantined, or otherwise disabled.
- FIG. 3 is a flow diagram of a phishing notification process 300 in accordance with another embodiment.
- PPS Phishing Notification Service
- ENTER OPERATION 202, NEW PHISHING SITE IDENTIFIERS CHECK OPERATION 212, PROVIDE PHISHING NOTIFICATION OPERATION 218, TAKE PROTECTIVE ACTION OPERATION 220, and EXIT OPERATION 222 of phishing notification process 300 of FIG. 3 are similar or identical to ENTER OPERATION 202, NEW PHISHING SITE IDENTIFIERS CHECK OPERATION 212, PROVIDE PHISHING NOTIFICATION OPERATION 218, TAKE PROTECTIVE ACTION OPERATION 220, and EXIT OPERATION 222 of phishing notification process 200 of FIG. 2 and so are not discussed in detail below.
- the local site identifiers include URLs and/or IP addresses from the cache (memory) of the Web browser of host computer system 102. In another embodiment, the local site identifiers include URLs and/or IP addresses from e-mails stored on host computer system 102. Generally, the local site identifiers of host computer system 102 include URLs, IP addresses, and/or other site identifiers on host computer system 102.
- MATCH CHECK OPERATION 316 a determination is made as to whether any of the new phishing site identifiers match any of the local site identifiers. If there is a match, flow moves to PROVIDE PHISHING NOTIFICATION OPERATION 218, which is performed as discussed above. Conversely, if there is not a match, flow moves to and exits at EXIT OPERATION 222 or returns to NEW PHISHING SITE IDENTIFIERS CHECK OPERATION 212 and waits for new phishing site identifiers.
- Phishing Notification Service (PNS) application 106 is in computer memory 114.
- a computer memory refers to a volatile memory, a non-volatile memory, or a combination of the two.
- Phishing Notification Service (PNS) application 106 are referred to as an application, this is illustrative only. Phishing Notification Service (PNS) application 106 should be capable of being called from an application or the operating system. In one embodiment, an application is generally defined to be any executable code. Moreover, those of skill in the art will understand that when it is said that an application or an operation takes some action, the action is the result of executing one or more instructions by a processor.
- Other network configurations other than client-server configurations e.g., peer-to-peer, web-based, intranet, internet network configurations, are used in other embodiments.
- a computer program product comprises a medium configured to store or transport computer readable code in accordance with an embodiment.
- Some examples of computer program products are CD-ROM discs (CDs), DVDs, ROM cards, floppy discs, magnetic tapes, computer hard drives, servers on a network and signals transmitted over a network representing computer readable code.
- a computer program product comprises a tangible medium configured to store computer readable code including CD-ROM discs, DVDs, ROM cards, floppy discs, magnetic tapes, computer hard drives and servers on a network.
- this medium may belong to the computer system itself. However, the medium also may be removed from the computer system.
- Phishing Notification Service (PNS) application 106 may be stored in memory 136 that is physically located in a location different from processor 108.
- Processor 108 should be coupled to the memory 136. This could be accomplished in a client-server system, or alternatively via a connection to another computer via modems and analog lines, or digital interfaces and a digital carrier line.
- PPS Phishing Notification Service
- host computer system 102 and/or server computer system 130 is a portable computer, a workstation, a two-way pager, a cellular telephone, a digital wireless telephone, a personal digital assistant, a server computer, an Internet appliance, or any other device that includes components that can execute the Phishing Notification Service functionality in accordance with at least one of the embodiments as described herein.
- host computer system 102 and/or server computer system 130 is comprised of multiple different computers, wireless devices, cellular telephones, digital telephones, two-way pagers, or personal digital assistants, server computers, or any desired combination of these devices that are interconnected to perform, the methods as described herein.
- Phishing Notification Service functionality in accordance with one embodiment can be implemented in a wide variety of computer system configurations.
- the Phishing Notification Service functionality could be stored as different modules in memories of different devices.
- Phishing Notification Service (PNS) application 106 could initially be stored in server computer system 130, and then as necessary, a portion of Phishing Notification Service (PNS) application 106 could be transferred to host computer system 102 and executed on host computer system 102. Consequently, part of the Phishing Notification Service functionality would be executed on processor 134 of server computer system 130, and another part would be executed on processor 108 of host computer system 102.
- PPS Phishing Notification Service
- those of skill in the art can implement various embodiments in a wide-variety of physical hardware configurations using an operating system and computer programming language of interest to the user.
- Phishing Notification Service (PNS) application 106 is stored in memory 136 of server computer system 130. Phishing Notification Service (PNS) application 106 is transferred over network 124 to memory 114 in host computer system 102.
- network interface 138 and I/O interface 110 would include analog modems, digital modems, or a network interface card. If modems are used, network 124 includes a communications network, and Phishing Notification Service (PNS) application 106 is downloaded via the communications network.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Claims (17)
- Procédé (200, 300) comprenant les étapes suivantes :déterminer (212) si de nouveaux identifiants de site d'hameçonnage ont été créés, où, lors d'une détermination que lesdits nouveaux identifiants de site d'hameçonnage ont été créés, ledit procédé comprend en outre les étapes suivantes :comparer (214, 314) lesdits nouveaux identifiants de site d'hameçonnage à des identifiants de site de sites auxquels des valeurs critiques ont été précédemment fournies, où, lors d'une détermination qu'au moins un desdits nouveaux identifiants de site d'hameçonnage correspond à au moins l'un desdits identifiants de site de sites auxquels des valeurs critiques ont été fournies, déterminer (204) que des valeurs critiques ont été fournies à un site qui a été découvert comme étant un site d'hameçonnage, ledit procédé comprenant en outre les étapes suivantes :lors de la détermination qu'au moins l'un desdits nouveaux identifiants de site d'hameçonnage correspond à au moins l'un desdits identifiants de site de sites auxquels des valeurs critiques ont été fournies, fournir (218) une notification d'hameçonnage à un utilisateur qui a fourni les valeurs critiques au site, la notification d'hameçonnage comprenant la date et/ou l'heure où les valeurs critiques ont été fournies au site d'hameçonnage, et les valeurs critiques réelles fournies précédemment au site d'hameçonnage ; etfournir une notification d'hameçonnage à au moins un commerçant imité par le site d'hameçonnage, un bureau de crédit ou un organisme d'application de la loi, la notification d'hameçonnage comprenant la date et/ou l'heure où les valeurs critiques ont été fournies au site d'hameçonnage.
- Procédé selon la revendication 1, dans lequel lesdits nouveaux identifiants de site d'hameçonnage sont des identifiants de site de sites d'hameçonnage nouvellement découverts.
- Procédé selon la revendication 2, dans lequel lesdits nouveaux identifiants de site d'hameçonnage comprennent des localisateurs uniformes de ressources (URL) desdits sites d'hameçonnage récemment découverts.
- Procédé selon la revendication 2, dans lequel lesdits nouveaux identifiants de site d'hameçonnage comprennent des adresses de protocole internet (IP) desdits sites d'hameçonnage récemment découverts.
- Procédé selon l'une quelconque des revendications 1 à 4, dans lequel lors d'une détermination selon laquelle au moins un desdits nouveaux identifiants de site d'hameçonnage ne correspond pas à au moins l'un desdits identifiants de site de sites auxquels des valeurs critiques ont été fournies, une détermination est faite que des valeurs critiques n'ont pas été fournies à un site qui a été découvert comme étant un site d'hameçonnage.
- Procédé selon la revendication 1, dans lequel ladite notification d'hameçonnage comprend une notification sélectionnée dans le groupe consistant en : (1) l'identifiant de site dudit site d'hameçonnage ; (2) un nom dudit site d'hameçonnage ; et (3) un commerçant légitime qui a été imité par ledit site d'hameçonnage.
- Procédé selon la revendication 1 ou la revendication 6, comprenant en outre la prise d'une action de protection (220) pour fournir une protection contre ledit site d'hameçonnage, où ladite prise d'une action de protection comprend de désactiver tout courrier électronique d'hameçonnage associé audit site d'hameçonnage.
- Procédé selon la revendication 1, comprenant en outre de déterminer si lesdites valeurs critiques ont été fournies à un site.
- Procédé selon la revendication 8, dans lequel, lors d'une détermination que lesdites valeurs critiques ont été fournies à un site, ledit procédé comprend en outre de créer (206) un enregistrement de transaction comprenant un identifiant de site dudit site.
- Procédé selon la revendication 9, comprenant en outre de stocker (208) ledit enregistrement de transaction.
- Procédé selon la revendication 10, dans lequel ledit enregistrement de transaction est stocké dans une mémoire d'enregistrements de transactions comprenant une pluralité d'enregistrements de transactions.
- Procédé selon la revendication 11, dans lequel ladite comparaison desdits nouveaux identifiants de site d'hameçonnage aux identifiants de site de sites auxquels des valeurs critiques ont été fournies comprend de déterminer (216) si l'un quelconque desdits nouveaux identifiants de site d'hameçonnage correspond à l'un quelconque desdits identifiants de site de sites auxquels des valeurs critiques ont été fournies contenus dans lesdits enregistrements de transactions.
- Procédé selon la revendication 10, 11 ou 12, comprenant en outre de fournir ledit enregistrement de transaction à une société de sécurité.
- Procédé selon l'une quelconque des revendications précédentes, dans lequel lesdits identifiants de sites de sites auxquels des valeurs critiques ont été fournies sont contenus dans une mémoire cache d'un navigateur Web.
- Procédé selon l'une quelconque des revendications précédentes, dans lequel lesdits identifiants de site de sites auxquels des valeurs critiques ont été fournies sont contenus dans un courrier électronique.
- Produit de programme informatique comprenant un support lisible par ordinateur tangible contenant un code de programme informatique comprenant :une application de service de notification d'hameçonnage pour déterminer si de nouveaux identifiants de site d'hameçonnage ont été créés, où, lors de la détermination que lesdits nouveaux identifiants de site d'hameçonnage ont été créés, ladite application de service de notification d'hameçonnage est en outre configurée pour :comparer lesdits nouveaux identifiants de sites d'hameçonnage à des identifiants de site de sites auxquels des valeurs critiques ont été fournies précédemment, où, lors d'une détermination selon laquelle au moins l'un desdits nouveaux identifiants de site d'hameçonnage correspond à au moins l'un desdits identifiants de site de sites auxquels des valeurs critiques ont été fournies, déterminer que des valeurs critiques ont été fournies à un site qui a été découvert comme étant un site d'hameçonnage, ladite application de service de notification d'hameçonnage étant en outre configurée pour :lors de la détermination selon laquelle au moins l'un desdits nouveaux identifiants de site d'hameçonnage correspond à au moins l'un desdits identifiants de site de sites auxquels des valeurs critiques ont été fournies, fournir une notification d'hameçonnage à un utilisateur qui a fourni les valeurs critiques au site, la notification d'hameçonnage comprenant la date et/ou l'heure où les valeurs critiques ont été fournies au site d'hameçonnage et les valeurs critiques réelles fournies précédemment au site d'hameçonnage ; etfournir une notification d'hameçonnage à au moins un commerçant imité par le site d'hameçonnage, un bureau de crédit ou un organisme d'application de la loi, la notification d'hameçonnage comprenant la date et/ou l'heure où les valeurs critiques ont été fournies au site d'hameçonnage.
- Système informatique comprenant :une mémoire dans laquelle est stockée une application de service de notification d'hameçonnage ; etun processeur couplé à ladite mémoire, dans lequel l'exécution de ladite application de service de notification d'hameçonnage génère un procédé comprenant les étapes suivantes :déterminer si de nouveaux identifiants de site d'hameçonnage ont été créés, où, lors d'une détermination que lesdits nouveaux identifiants de site d'hameçonnage ont été créés, ledit procédé comprend en outre les étapes suivantes :comparer lesdits nouveaux identifiants de site d'hameçonnage à des identifiants de site de sites auxquels des valeurs critiques ont été précédemment fournies, où, lors d'une détermination qu'au moins un desdits nouveaux identifiants de site d'hameçonnage correspond à au moins un desdits identifiants de site de sites auxquels des valeurs critiques ont été fournies, déterminer que des valeurs critiques ont été fournies à un site qui a été découvert comme étant un site d'hameçonnage, ledit procédé comprenant en outre les étapes suivantes :lors de la détermination selon laquelle au moins l'un desdits nouveaux identifiants de site d'hameçonnage correspond à au moins l'un desdits identifiants de site de sites auxquels des valeurs critiques ont été fournies, fournir une notification d'hameçonnage à un utilisateur qui a fourni les valeurs critiques au site, la notification d'hameçonnage comprenant la date et/ou l'heure où les valeurs critiques ont été fournies au site d'hameçonnage et les valeurs critiques réelles fournies précédemment au site d'hameçonnage ; et fournir une notification d'hameçonnage à au moins un commerçant imité par le site d'hameçonnage, un bureau de crédit ou un organisme d'application de la loi, la notification d'hameçonnage comprenant la date et/ou l'heure où les valeurs critiques ont été fournies au site d'hameçonnage.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/849,093 US8281394B2 (en) | 2007-08-31 | 2007-08-31 | Phishing notification service |
Publications (3)
Publication Number | Publication Date |
---|---|
EP2031823A2 EP2031823A2 (fr) | 2009-03-04 |
EP2031823A3 EP2031823A3 (fr) | 2015-04-01 |
EP2031823B1 true EP2031823B1 (fr) | 2017-07-05 |
Family
ID=40139951
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP08160462.1A Not-in-force EP2031823B1 (fr) | 2007-08-31 | 2008-07-15 | Service de notification d'hameçonnage |
Country Status (4)
Country | Link |
---|---|
US (1) | US8281394B2 (fr) |
EP (1) | EP2031823B1 (fr) |
JP (2) | JP2009059358A (fr) |
CN (2) | CN105391689A (fr) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8281394B2 (en) * | 2007-08-31 | 2012-10-02 | Symantec Corporation | Phishing notification service |
US20090328208A1 (en) * | 2008-06-30 | 2009-12-31 | International Business Machines | Method and apparatus for preventing phishing attacks |
US20120331551A1 (en) * | 2011-06-24 | 2012-12-27 | Koninklijke Kpn N.V. | Detecting Phishing Attempt from Packets Marked by Network Nodes |
US8484741B1 (en) * | 2012-01-27 | 2013-07-09 | Chapman Technology Group, Inc. | Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams |
US8370529B1 (en) * | 2012-07-10 | 2013-02-05 | Robert Hansen | Trusted zone protection |
US9344449B2 (en) | 2013-03-11 | 2016-05-17 | Bank Of America Corporation | Risk ranking referential links in electronic messages |
US9621566B2 (en) | 2013-05-31 | 2017-04-11 | Adi Labs Incorporated | System and method for detecting phishing webpages |
US9635052B2 (en) * | 2015-05-05 | 2017-04-25 | Christopher J. HADNAGY | Phishing as-a-service (PHaas) used to increase corporate security awareness |
US10200381B2 (en) | 2015-08-05 | 2019-02-05 | Mcafee, Llc | Systems and methods for phishing and brand protection |
CN106302440B (zh) * | 2016-08-11 | 2019-12-10 | 国家计算机网络与信息安全管理中心 | 一种多渠道获取可疑钓鱼网站的方法 |
WO2019123455A1 (fr) * | 2017-12-18 | 2019-06-27 | Intsights Cyber Intelligence Ltd. | Système et procédé de blocage de tentatives d'hameçonnage dans des réseaux informatiques |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020052841A1 (en) * | 2000-10-27 | 2002-05-02 | Guthrie Paul D. | Electronic payment system |
GB2401281B (en) * | 2003-04-29 | 2006-02-08 | Hewlett Packard Development Co | Propagation of viruses through an information technology network |
US7565538B2 (en) * | 2004-04-05 | 2009-07-21 | Microsoft Corporation | Flow token |
US20060090073A1 (en) * | 2004-04-27 | 2006-04-27 | Shira Steinberg | System and method of using human friendly representations of mathematical values and activity analysis to confirm authenticity |
JP4692805B2 (ja) * | 2004-06-30 | 2011-06-01 | Tdk株式会社 | 磁気検出素子およびその形成方法 |
US20060095955A1 (en) * | 2004-11-01 | 2006-05-04 | Vong Jeffrey C V | Jurisdiction-wide anti-phishing network service |
US20060123478A1 (en) * | 2004-12-02 | 2006-06-08 | Microsoft Corporation | Phishing detection, prevention, and notification |
US8195952B2 (en) * | 2004-12-14 | 2012-06-05 | International Business Machines Corporation | System and method of facilitating the identification of a computer on a network |
US7681234B2 (en) * | 2005-06-30 | 2010-03-16 | Microsoft Corporation | Preventing phishing attacks |
US20070245032A1 (en) * | 2006-02-24 | 2007-10-18 | Parent Approval Llc | System and method of a data blocker based on local monitoring of a soliciting website |
JP2007233904A (ja) * | 2006-03-03 | 2007-09-13 | Securebrain Corp | 偽造サイト検知方法およびコンピュータプログラム |
US7854006B1 (en) * | 2006-03-31 | 2010-12-14 | Emc Corporation | Differential virus scan |
US20100175136A1 (en) * | 2007-05-30 | 2010-07-08 | Moran Frumer | System and method for security of sensitive information through a network connection |
US8281394B2 (en) * | 2007-08-31 | 2012-10-02 | Symantec Corporation | Phishing notification service |
US20100094839A1 (en) * | 2008-10-14 | 2010-04-15 | Brach Ricci S | Coordinated notification |
-
2007
- 2007-08-31 US US11/849,093 patent/US8281394B2/en active Active
-
2008
- 2008-07-15 EP EP08160462.1A patent/EP2031823B1/fr not_active Not-in-force
- 2008-08-21 CN CN201510673106.2A patent/CN105391689A/zh active Pending
- 2008-08-21 CN CN200810210117.7A patent/CN101378396A/zh active Pending
- 2008-08-21 JP JP2008212540A patent/JP2009059358A/ja active Pending
-
2014
- 2014-04-16 JP JP2014084327A patent/JP5801437B2/ja not_active Expired - Fee Related
Non-Patent Citations (1)
Title |
---|
None * |
Also Published As
Publication number | Publication date |
---|---|
CN105391689A (zh) | 2016-03-09 |
JP2014132500A (ja) | 2014-07-17 |
US8281394B2 (en) | 2012-10-02 |
CN101378396A (zh) | 2009-03-04 |
EP2031823A3 (fr) | 2015-04-01 |
EP2031823A2 (fr) | 2009-03-04 |
JP5801437B2 (ja) | 2015-10-28 |
US20090064325A1 (en) | 2009-03-05 |
JP2009059358A (ja) | 2009-03-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2031823B1 (fr) | Service de notification d'hameçonnage | |
US9998471B2 (en) | Highly accurate security and filtering software | |
US8095967B2 (en) | Secure web site authentication using web site characteristics, secure user credentials and private browser | |
US8181250B2 (en) | Personalized honeypot for detecting information leaks and security breaches | |
US9325738B2 (en) | Methods and apparatus for blocking unwanted software downloads | |
US8869271B2 (en) | System and method for risk rating and detecting redirection activities | |
USRE45326E1 (en) | Systems and methods for securing computers | |
US8645478B2 (en) | System and method for monitoring social engineering in a computer network environment | |
WO2018213457A1 (fr) | Utilisation d'un contexte de message pour évaluer la sécurité de données demandées | |
US20170195363A1 (en) | System and method to detect and prevent phishing attacks | |
US20220286432A1 (en) | Discovering email account compromise through assessments of digital activities | |
US8839424B2 (en) | Cross-site request forgery protection | |
US11856020B2 (en) | Detecting potential domain name system (DNS) hijacking by identifying anomalous changes to DNS records | |
US7549169B1 (en) | Alternated update system and method | |
US11509691B2 (en) | Protecting from directory enumeration using honeypot pages within a network directory | |
Sandhu et al. | Google safe browsing-web security | |
Chintala et al. | Email Security Framework and Virus Detection Techniques | |
WO2008127265A1 (fr) | Authentification sécurisée d'un site web en utilisant les caractéristiques du site web, des références d'utilisateur sécurisées et un navigateur privé | |
Brusco | Implementing safe computer practices | |
E-mail actually Work | E-mail Security | |
Backofen | Secure and Simple: Plug-and-Play Security | |
Work | E-Mail Security | |
Run | Black Hat Hacker is somebody that hacks with malicious intent and enters an information asset or system without authorization. White Hat Hacker penetrates systems to test security and document weak-nesses to allow organizations to improve their defenses. A more general def-inition would state that a White Hacker is someone who has goals that are |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL BA MK RS |
|
17P | Request for examination filed |
Effective date: 20090902 |
|
PUAL | Search report despatched |
Free format text: ORIGINAL CODE: 0009013 |
|
AK | Designated contracting states |
Kind code of ref document: A3 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL BA MK RS |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 29/06 20060101AFI20150223BHEP Ipc: H04L 12/22 20060101ALI20150223BHEP |
|
RBV | Designated contracting states (corrected) |
Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
AKX | Designation fees paid |
Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
AXX | Extension fees paid |
Extension state: BA Extension state: AL Extension state: RS Extension state: MK |
|
17Q | First examination report despatched |
Effective date: 20160226 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
INTG | Intention to grant announced |
Effective date: 20161223 |
|
GRAJ | Information related to disapproval of communication of intention to grant by the applicant or resumption of examination proceedings by the epo deleted |
Free format text: ORIGINAL CODE: EPIDOSDIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
GRAR | Information related to intention to grant a patent recorded |
Free format text: ORIGINAL CODE: EPIDOSNIGR71 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
INTC | Intention to grant announced (deleted) | ||
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
|
INTG | Intention to grant announced |
Effective date: 20170529 |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 907322 Country of ref document: AT Kind code of ref document: T Effective date: 20170715 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602008050942 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 10 |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20170705 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 907322 Country of ref document: AT Kind code of ref document: T Effective date: 20170705 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20171005 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20171006 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20171105 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20171005 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602008050942 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170715 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170731 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170731 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20170731 |
|
26N | No opposition filed |
Effective date: 20180406 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 11 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170715 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170731 Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170715 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20080715 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170705 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170705 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R082 Ref document number: 602008050942 Country of ref document: DE Representative=s name: D YOUNG & CO LLP, GB Ref country code: DE Ref legal event code: R081 Ref document number: 602008050942 Country of ref document: DE Owner name: NORTONLIFELOCK INC., CUPERTINO, US Free format text: FORMER OWNER: SYMANTEC CORPORATION, CUPERTINO, CALIF., US Ref country code: DE Ref legal event code: R082 Ref document number: 602008050942 Country of ref document: DE Representative=s name: D YOUNG & CO LLP, DE Ref country code: DE Ref legal event code: R081 Ref document number: 602008050942 Country of ref document: DE Owner name: NORTONLIFELOCK INC., TEMPE, US Free format text: FORMER OWNER: SYMANTEC CORPORATION, CUPERTINO, CALIF., US |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20200623 Year of fee payment: 13 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20200624 Year of fee payment: 13 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R082 Ref document number: 602008050942 Country of ref document: DE Representative=s name: D YOUNG & CO LLP, DE |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R082 Ref document number: 602008050942 Country of ref document: DE Representative=s name: D YOUNG & CO LLP, DE Ref country code: DE Ref legal event code: R081 Ref document number: 602008050942 Country of ref document: DE Owner name: NORTONLIFELOCK INC., TEMPE, US Free format text: FORMER OWNER: NORTONLIFELOCK INC., CUPERTINO, CA, US |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20200622 Year of fee payment: 13 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Ref document number: 602008050942 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: H04L0029060000 Ipc: H04L0065000000 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 602008050942 Country of ref document: DE |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20210715 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210715 Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20220201 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210731 |